Using a nearly 20-year-old file transfer product - what could go wrong? Among the many lessons to be learned from the Accellion File Transfer Appliance mess is this: Attackers will devote substantial resources to reverse-engineer hardware, software or a service if there's a financial upside.
Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users to visit websites that use a malicious font. The flaw was found by Google's Project Zero bug-hunting team.
Security firm Positive Technologies says more than 6,000 VMware vCenter devices worldwide that are accessible via the internet contain a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw.
The Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down systems.
Software company Accellion has released preliminary findings around the security incident that stung customers using its 20-year-old File Transfer Appliance. The attackers swiftly stole data from compromised systems, and some of those organizations have subsequently been extorted.
Apple has patched a vulnerability in macOS Big Sur 11.2 and 11.3 upgrades that could have resulted in users getting stuck in a boot loop, suffering serious data loss and potentially getting locked out of their data.
French cybersecurity authorities are warning that widely used, open-source IT monitoring software called Centreon appears to have been hit by Russian hackers. But unlike the SolarWinds supply chain attack, in this campaign, attackers appear to have hacked outdated, unpatched versions of the software.
Microsoft has patched a 12-year-old vulnerability in Microsoft Defender that, if exploited, could enable nonadministrative users to escalate privilege in the application. The patch was made after security firm SentinelOne recently notified Microsoft about the flaw.
The Reserve Bank of New Zealand issued an update on the data breach it sustained in December 2020, saying it has identified the records that were compromised and offering a timeline of the incident.
Following the hacking of a Florida water treatment plant, CISA is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating systems - and to take risk mitigation steps. The advice applies to other organizations as well, some security experts say.
Two more breaches have been tied to the vulnerable 20-year-old Accellion File Transfer Appliance. The latest victims are Singapore telecom company Singtel and Australian medical research institute QIMR Berghofer.
Siemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems to crash. It's urging customers to shift to updated versions of the software that fix the flaws.
SAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.
PayPal has patched a cross-site scripting - or XSS - vulnerability found in its currency conversion endpoint that, if exploited, could enable malicious JavaScript injection. The vulnerability was discovered by a bug bounty hunter.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.